Get in touch





I agree to the
terms & conditions


How to Maintain Effective Cyber Security Posture with Remote Working

How to Maintain Effective Cyber Security Posture with Remote Working

remote working

Since remote working, have you seen a rise in the amount of suspicious/spam emails? Perhaps some are stating “urgent request” or ‘document shared with you” Maybe a few have even broken through your filters into your inbox? This is only the tip of the iceberg of concerns for companies who are remote working. During COVID-19, threats to our cyber security systems have increased exponentially, so now is the time to really ask yourself, is my cyber security posture the most secure it can be, with all these extra risks and threats we are facing with remote working?

What do we mean by Cyber Security posture?

We all know about how to retain the correct posture at your desk through all the health and safety audits we have sat through (no pun intended) but what do we really mean by posture when it comes to cyber security systems?

Just like sitting the right way, and having your desk set up correctly can help prevent potential injury to your body, a good cyber security posture will help prevent serious injury to your systems especially, security breaches and cyber-attacks. Your posture in this manner of speaking is how secure you and your workers are from these potential threats.

From a recent survey Barracuda carried out, they found that almost half of all respondents from global businesses have encountered at least one cyber security scare since shifting to remote working, during this Covid-19 lockdown. This shows that now more than ever, it should be a priority to make sure your cyber security posture is secure and that you are confident in your systems, tools, as well as your employees.

Things to consider in order to be cyber secure

Equipment and VPNs

There are many different factors to consider, in order to ensure your cyber security systems are the most secure they can be with remote working. One of the most important things to start with is to make sure you have a secure VPN for all your employees to use. This is vital as home broadband does not have the same security protocols and will not be 100% secure and safe. You can read more about the importance of VPNs on one of our previous posts here.

You also need to make sure that all your employees are using authorised, protected work devices at all times. It is all too simple for an employee to decide it is easier to send and receive emails from their personal mobile. But, this should be stopped, to help prevent potential security breaches. You can do this through a simple fix which requires the employee to get admin permission to set up email accounts on different devices. This will also enable your IT team to monitor who tries to use non-authorised devices to access work servers.

Email reminders

When your employees are in the office, it is easier to pop over to their desks to remind them of upcoming IT updates that need to be completed. However, this is something that often falls by the wayside by both employers and employees when remote working. Make a point of sending out reminder emails when updates are due. Those updates are key to continuing to retain a strong cyber security posture, in order to help protect your company from threats.

On the topic of email reminders, when was the last time you emailed your employees reminding them to stay alert to phishing/scam emails? Phishing emails spiked by over 600% since the end of February reported in info security magazine. This is due to cyber criminals have begun to take advantage and capitalize on the fear and uncertainty generated by COVID-19 pandemic. This could cause serious problems for your company and it only takes a single employee to open one resulting in a security breach.

GDPR

GDPR. The new set of guidelines brought in which changed the way we share and store data completely. With remote working, it is just as important if not more so to remember GDPR, and ensure all staff is remaining compliant. This includes ensuring any sensitive data being sent to a 3rd party is encrypted with the relevant security, and that files are shared in the correct manner, and not in a way that could be intercepted by hackers.

There is a multitude of file sharing sites out there which will enable your employers to share documents securely and help keep your cybersecurity posture strong. Make sure your employees are aware of the importance of encryption and sharing data responsibly and securely.

But, what happens if your staff suspects a potential breach to your cybersecurity systems? Do your employees know what to do, should they suspect this? If you can’t instantly and confidently say yes then make sure you remind all staff on the protocols so that if the worst does happen and a breach does occur, you can be alerted straight away and ensure minimal damage and disruption.

So, how do I know my cybersecurity posture is the most secure it can be?

You may be reading through this article saying to yourself “I already make cybersecurity one of my top priorities” but can you put your hand up and say with 100% confidence, that your cybersecurity posture, is as secure as it can be?

Don’t worry if you can’t, you are not alone. According to Barracuda’s survey, over 41% of respondents had doubts over how secure their web applications were, and who can blame them, with so many new cyber threats appearing each day?

There is a simple solution for this, which can help to put your mind at ease and provide a full security report within a matter of days. Security assessment tools such as our CTAP assessment are designed to help identify any areas for concern to help strengthen your cybersecurity posture. This will not only assess all your cybersecurity systems for potential weaknesses, but the analysis results can also lead to an improvement in productivity and utilisation. Assessment tools such as ours are key to ensure your cybersecurity posture is the strongest, and most secure it can be.

It’s clear to see that remote working has put a lot of extra pressure on companies worldwide.  With no foreseeable end right now for remote working. Our priority is your security and peace of mind so that you can focus on your company, and not worry about cyber threats.

To find out more about what Nouveau can do for you or about our new CTAP tool call us on 01189 186822 or email us on hello@nouveau.co.uk

VPN Security and Other Systems to Work From Home Safely – Same Security Everywhere

VPN Security and Other Systems to Work From Home Safely – Same Security Everywhere

The current coronavirus pandemic has led to organisations having to develop new strategies allowing their employees to continue working but now from home, and as effectively as possible. With the increase of remote workers, we are now starting to see an increase in online security threats as a result.

Remote access can be handled through protocols such as Windows remote desktop (also known as Windows RDP)– allowing users to access a remote desktop within the company’s internal network. The drawback of this platform is that it allows your employees to access your company’s network by opening your network to the entire internet. Thus increasing the risk of security breaches.

Thankfully there is a way to allow organisations to provide employees secure access to company network resources without leaving it vulnerable and open to security attacks. This is done through VPN technology (Virtual Private Networks).

More about VPN Systems

A VPN – short for Virtual private network provides a secure link between employees and businesses by encrypting and scanning data. Dependent on the method of termination used and in conjunction with a UTM device there are further security benefits to be made.  For e.g. malicious software such as viruses can be detected and mitigated.

To avoid security risks companies should ensure they are set up to capture metrics about the performance and availability of their VPN services. Ask yourself “When was the last time you took the time to look at your VPN logs?” This process will allow you to detect any compromises of VPN connections and accounts. In principle, now is the time where it is easier to spot compromised accounts, with employees working from home you should be able to spot any irregular VPN usage pattern for each user working from home.

Here’s a deeper look at how a VPN (Virtual private network) works. A VPN uses encryption and other security mechanisms to scramble (otherwise known as encrypting) data when it is sent over a public network. The encryption process now makes the data unreadable. A strong VPN will ensure that only authorised users can access the network and that the data cannot be intercepted.

A VPN will stop cyber criminals seeing your company’s remote service on the internet, therefore reducing risk of interception of communications between your employees and your network.

Your devices

Ensure you are protecting your devices whether it is your laptop, tablet or smart phone. Devices can be prime targets for cyber criminals as soon as you access the internet even more so when you are on a public network. A VPN will protect the data you send and receive on your device putting a stop to hackers watching your every move.

With many VPN solutions out there make sure you do your homework to choose the right one for your needs. Regardless of which provider you choose, a VPN, in conjunction with other technology will ensure that you comply with security standards.  Contact Nouveau Solutions today where we can offer support for VPN enquiries and challenges.

Call us on 01189 186822 or contact us by email on hello@nouveau.co.uk.

Data security is everyone’s responsibility

Data security is everyone’s responsibility

How to keep your company data secure with simple security practices.

Why Educating Staff on Data Security Is Critical

Failure to educate staff on some of the most basic principles of data security can cause big problems for businesses of all sizes.

It’s estimated that up to 92% of malware is delivered via email to users- and considering that the majority of businesses will use email to communicate both internally and externally, there’s no end to the list of people that could be affected by malware.

Luckily, the risk of malware and phishing attacks can be kept at a manageable level as long as everyone within a business takes responsibility for the business’s cyber security.

Given today’s rapidly growing technology industry, there’s always new threats that arise from the communication tools we use on a daily basis. However, by ensuring that staff are correctly educated on data security can mean that businesses are able to take control of their cyber security measures in a way that is manageable for everyone.

By educating staff on the ‘do’s’ and ‘don’ts’ of cyber security, you’ll be moving the responsibility of data security from not just one person or dedicated team but to everyone, making the company less susceptible to attacks whilst also reducing workplace staff for those in charge of IT security.

Best Data Security Practices

This list of best practices is a great stepping-stone for any business looking to take control of their IT and data security.

Passwords

The strength of a password is a reflection of its length, complexity and unpredictability. All three of these factors together are responsible for how secure how a password is, however, these factors do not replace the need for other essential security controls to ensure that passwords are not breached.

Setting up passwords - Data security

To ensure that passwords are secure they should be sufficiently long in length, it’s worth aiming for between 12 and 14 characters with a mixture uppercase and lowercase characters too. Additionally, adding special characters to your password will help to strengthen passwords. You should also be mindful of where you are storing passwords, we do not recommend keeping a book of passwords in your desk drawers. There are a number of online password manager applications designed to keep your company’s password safe, secure but accessible for employees.

Email security

Most people are quick to disqualify the need for email security, up to 80% of successful cyber attacks involve phishing- a common form of fraud where individuals are asked to reveal personal information such as passwords, credit card information etc. whilst purporting to be from a reputable business.

Email security software can help to reduce the occurrence of these phishing scams from entering into staff mailboxes. However, it’s also important that the company has relevant policies in place that determines how staff can identify potentially fraudulent emails as well as what to do in when one is discovered.

Again, this method of protecting your business from IT threats means that every individual within a business is responsible for managing their IT security at work.

Attachments

Having strict procedures in place were by staff understand what the safe working practices are surrounding opening and sharing attachments via email will help to reduce IT threats and malware.

In order to do this, it’s important to be aware of some of the techniques that are used by fraudulent attackers/ scammers. Often unsuspecting victims of opening dangerous attachments involve the use of social engineering tactics such as:

  • Customised personal message text (such as “Dear John” or “please review the attached”)
  • Forgery (Fraudulent emails sent by someone you appear to know)
  • Threatening (Attackers may use messages like “your account will be closed unless you…”)
  • Creating messages look as if they were sent from an official source (“support.t@microsoftc.om”)
  • Making the attachment look harmless (“my_holiday_pictures”)

These are just a small number of ways that hackers could use in order to gain your trust and get you or a staff member from opening a hazardous attachment in an email or message.

Luckily, taking control of your businesses IT security doesn’t have to be complicated. Nouveau solutions can help to provide your staff with training, advice and solutions to combat IT security at work. Find out more about how you can train staff to take the steps necessary to protect themselves and your business from cyber threats. Get in touch with Nouveau Solutions today.

What Is Malware? – Frequently Asked Questions

What Is Malware? – Frequently Asked Questions

Short for ‘malicious software’, malware constitutes any program or file that is harmful to a computer user. Malware is a blanket term for disruptive and damaging software, and covers many different types of threats to your computer safety; such as viruses, spyware, ransomware, adware, worms, Trojans and rootkits.

Every day, the independent IT security institute, AV-TEST registers over 350,000 new malicious programs (malware) and potentially unwanted applications (PUA) highlighting how easily your computer could be infected with disruptive software.

How does malware work?

Depending on the intent of the author, malware can work in a number of different ways, performing a variety of functions such as hijacking the computer, encrypting, deleting data or simply monitoring computer activity without permission.

The goals of most malware authors is to make money from their program, either by extracting payment from their target in exchange for the return of access to their computer (ransomware), or by selling their software to the highest bidder on the dark web.

One of the most high profile examples of a malware attack in recent years was the WannaCry ransomware attack, which affected users worldwide by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

More than 200,000 computers were infected via phishing email, which exploited a vulnerability within Microsoft – with the NHS the most prominent victim of the attack with hospitals across the UK affected.

How can malware get on your computer?

There are numerous ways that malware can find its way on to your computer, with the common causes including;

  • Online Downloads – a frequent cause of malware entering your computer, malware authors hide damaging programs within download files, commonly in the form of Trojan horses that are activated after installation.
  • Drive-by Downloads – unlike the above, drive-by downloads do not require consent to enter your computer, with triggers such as visiting a webpage enough for authors to commence a download.
  • Removable Drives – infected removable drives, such as USBs and external hard drives, can be used to spread malware from one device to another without any online interaction taking place.
  • Phishing – emails that are designed to have come from official sources, containing sensitive information such as delivery details, tax refunds, or invoices to encourage users to open and interact with them.

How does malware affect your computer?

The installation of malware can have a significant impact on your computer’s performance, as well as the privacy of your sensitive data, which can be potentially accessed by hackers.

With attacks where your computer is effectively ‘held hostage’ by hackers, it can be impossible to use your computer before an adequate ransom has been paid. New research from SentinelOne has revealed that ransomware attacks are costing individual businesses an average of £637,813.99 per annum, with another organisation calculating that ransomware costs businesses more than £64billion per year.

The average cost in time of a malware attack is 50 days – highlighting the seriousness that an infiltration can have on your business, significantly limiting productivity, performance and time and potential damage to brand reputation.

How can malware be prevented?

Fortunately, there are steps that you can take to protect yourself, and your business from the detrimental effects of a malware attack.

Installing anti-virus software will provide reactive protection for your computer, but will fail to protect your network in the event of an attack – this is especially prevalent if your anti-virus software is not regularly updated to protect against the latest security threats.

Regular patching and updating your anti-virus software is important as well as updating your operating system, browsers, and plugins. As Windows users found out in 2017’s WannaCry ransomware attack, even small vulnerabilities can be exploited with devastating effect. Ensuring you have the latest security upgrades and patches will help provide some added protection for your devices.

It is also important to stay vigilant. If a website looks suspicious, don’t visit it. If an email looks too good to be true, it probably is. Especially with phishing emails, hackers will use similarly sounding email addresses to trick users, so always read who the email is coming from before clicking on it.

As cyber threats become more sophisticated we advocate a layered security approach to provide better protection of your organisations IT assets and network. This approach will enable you to monitor, detect and remediate the different attack vectors and entry points ensuring that you have all bases covered.

With our proactive managed IT security service, we install, configure, monitor and manage upgrades to your organisation’s IT security, ensuring it’s providing the maximum defense for you and your business.

To learn more about how to protect your computer from malware, and how we can help keep your business’ IT secure and operational, speak to one of our expert consultants on 0118 918 6822, emails us using hello@nouveau.co.uk or get in touch via our contact form.

Managed Service Providers: Frequently Asked Questions

Managed Service Providers: Frequently Asked Questions

In an increasingly online world, the importance of IT cannot be understated for businesses.

Most companies (89%) expect their IT budgets to grow or stay steady in 2019, with the need to upgrade outdated IT infrastructure is the biggest driver of these budget increases (source).

However, balancing the upgrades and maintenance of your IT infrastructure, as well as the day-to-day IT needs of your employees and customers can become an overwhelming experience for your IT department.

Choosing a managed services provider can help to alleviate this problem – keeping your systems business as usual – allowing your IT department to focus on improving business efficiency and performance.

But, first…

 

What is a Managed Service Provider?

A managed service provider (MSP) is an organisation that remotely manages a customer’s IT network and infrastructure, as well as their on premise or cloud applications.

Providing extra IT support when you need it most, managed service providers acts as an extension of your IT team – ensuring that your business’ IT systems remains secure, robust, and operational.

Typically, MSPs operate under a subscription model, creating a scalable IT solution that allows you to choose the coverage that’s the best value for your organisation.

How do Managed Services work?

When outsourcing your IT to a managed service provider, you will have an initial consultation to assess your current IT environment. The infrastructure you have invested in, the systems you use, and your end-to-end applications will be reviewed to ensure that you receive the most suitable managed services support for your business.

As a leading managed service provider, we proactively review your security, infrastructure and system performance and let you know if there are any areas of concern, or network improvements. We also monitor and detect threats to your system in real time, taking immediate action when required, while keeping you informed to protect your business.

 

What Services can an MSP Offer?

Typically the services that a managed service provider can offer your business is tailored to your IT needs. Typically services provided include:

  • IT Support – keeping your infrastructure operational and secure.
  • Endpoint Protection – monitoring your applications and network to ensure all suspicious activity is detected and re-mediated.
  • Compliance – ensuring you are GDPR compliant.
  • Firewall Management – managing your firewall, making sure it’s always optimised and up-to-date to guard against the most recent advances in security threats.
  • Security Information and Event Management (SIEM) – constantly monitoring the integrity of your entire IT system, and creates an alert if any potential weaknesses are detected.

business advice

Why Choose a Managed Service Provider?

There are many benefits to working with a managed service provider. Here’s why your business should consider working with an MSP:

  • Cost Effective – by only paying for the cover your business needs, you can rest assured that your infrastructure is secure without needing to break the bank.
  • Flexible – if you only require office-hours support, there’s an option for you, or if you need round the clock, 7 days a week support, you can have the option that gives you the level of managed IT support your business needs.
  • Peace of Mind – enables you to focus on your business without having to worry about your IT.
  • Expertise – working with a managed service provider allows your business to access a wide pool of knowledge that may not be otherwise available within your in-house IT team.
  • Secure – proactively monitoring your IT systems and infrastructure ensures that your business is protected from evolving security threats.

 

How much do Managed Services Cost?

The cost of working with a managed services provider varies depending on the support your business needs.

At Nouveau, our IT support services are flexible, so you can choose the Service Desk coverage that’s the best value for your organisation. So, whether you need 8-5 support, or 24-7 assistance, we have a range of managed service packages to help ensure your business continues to operate at maximum efficiency.To learn more about managed services, and how we can help keep your business’ IT secure and operational, speak to one of our expert consultants on 0118 918 6822.

Alternatively, you can get in touch via our contact form.


” I would like to take this opportunity to thank you for all the prompt assistance you provided us with during this project.

Could you kindly express our gratitude to your engineers for the excellent work they carried out for us. “

Farhad | London Borough of Hounslow

×


” Being responsible for IT in an organisation which is very tech dependant is a real challenge, especially having no formal IT experience myself.  Having the Nouveau team at the end of the phone is a real-life saver and I have needed a life line many times.  I most appreciate the accessibility, knowledge and friendliness of the team. “

Judith Ball | CFO | Aspen Worldwide

×

Euronics Logo
” The company I work for has been using Nouveau Solutions for the past 15+ years and I have had the pleasure myself to build up a good, close relationship with them for about 12 of those years.

Nouveau Solutions have dedicated teams for each different area that are made up of very knowledgeable technicians and engineers that specialise in their specific area of expertise. It is due to this that I always feel confident that Nouveau Solutions will be able to deliver us any IT services that we may request from them (there has been a lot over the years).

They have always gone above and beyond to deliver high quality professional IT services to meet any requirements that we throw at them within any timeframes that we may set.

On top of the ad-hoc IT services we request from Nouveau Solutions, they also monitor, manage, maintain and support some of our network infrastructure and have always been on hand to resolve any issues that may be noticed via their monitoring or raised by us within a timely manner.

We also purchase the majority of our IT equipment including hardware, software and licensing through Nouveau Solutions which is always at a reasonable price and always received within a timely manner.

Since day one of our relationship with Nouveau Solutions we have been appointed to the same one account manager which has allowed him to get to know our business very well. The service that has been provided by him to us has been nothing but exceptional. He always comes across as knowledgeable in any business discussions that we may have and has always been happy to take the time to communicate with us, make us aware of anything that we need to be aware of, or provide us with updates on anything.  I have always had the impression that his main priority is to ensure that we are happy with everything that Nouveau Solutions provides to us and he will do anything to ensure that is the case.

All in all, I have nothing but praise to offer for Nouveau Solutions and would highly recommend them to any company that was looking for an IT services company.  There are definitely no plans here to switch to a different IT services company for the foreseeable future.

Here’s to many more years with using Nouveau Solutions! “

Lee Burgess | IT Systems Administrator | Combined Independents (Holdings) Ltd

×


” Nouveau have been brilliant from start to finish – very professional and competitive with their service and pricing. We needed a large number of Firewalls to deploy across our global company over a very short time period and thanks to Jack’s excellent availability, Nouveau’s turn-around time was extremely swift, even with nearly no notice. Nouveau not only provided us with the hardware  – one of their competent technicians supplied us with some design work in the past to help with our data centre firewalls replacement project! Nouveau have been great to work with. “

Hassan Ashraf | IT Service and Infrastructure Manager | Everlight Radiology

×


” In the summer of 2017, I approached Nouveau in the hope of finding a competent partner that could help us through an upcoming hardware refresh. A priority of ours was to discover a local business (within 20 miles) that excelled and specialised in HPE, Dell, Fortinet and Microsoft/Office 365 as we planned to refresh our whole core infrastructure,. This included storage, infrastructure hosting and networking (core, access and perimeter) for our headquarters and our other branches. After an extensive phase of speccing, detail planning and quoting, Andy Swain and his team were able to offer a “spot on” solution for our demands with a very high cost/value ratio. This project led to a very open and trusting partnership with Nouveau and made them our No.1 partner within IT. “

Stefan Nader | Ensilica

×